Hackers have stolen approximately $100 million in various cryptocurrencies from Horizon, according to public statements from Horizon’s developers.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More 🧵
— Harmony 💙 (@harmonyprotocol) June 23, 2022
Horizon is a “blockchain bridge,” a service that enables users to convert cryptocurrency assets for use on another blockchain. Bridges are prime targets for hackers for several reasons:
- Blockchain bridges handle an enormous number of transactions and maintain large amounts of liquidity. This increases the potential payout and may also help malicious actors avoid detection.
- Bridges generally have more vulnerabilities than cryptocurrency exchanges. Some decentralized bridges are practically untested.
- Because bridges may not require user identification — or two-factor authentication — victims have few options for retrieving lost funds or identifying the attackers.
Harmony, which develops Horizon, says that they have begun working with national authorities and forensic specialists to identify the hackers responsible for the losses. However, Harmony has not released specific details about any vulnerabilities that may have enabled the attack.
A single Horizon account was responsible for the alleged theft
Ape Dev, a self-described “shadowy super coder” and founder of cryptocurrency consultancy Chainstride, identified potential vulnerabilities in Horizon’s code in April 2022.
According to Ape Dev’s investigation, the security of the Harmony Ethereum bridge required consent from two owners to execute an “arbitrary transaction.” Citing this alleged issue, Ape Dev predicted another “9-figure hack” back in April.
Are cryptocurrency bridges and exchanges at risk?
Even with the recent fall in cryptocurrency values, hackers have strong incentives to target stores of assets — and as long as DeFi exchanges and bridges remain vulnerable, additional attacks are likely.
The Horizon hack joins a growing list of troubling developments for the cryptocurrency community, The Ronin Network lost more than $600 million in a March security breach, while decentralized cryptocurrency bridge Wormhole lost at least $320 million in February.
Cryptocurrency enthusiasts should research carefully before trusting any service to handle transactions, regardless of whether those services are decentralized. The safest option is to maintain funds in a secure “cold” wallet — although lost passwords and hardware failure can put those assets at risk.
Datarecovery.com offers cryptocurrency recovery services for every crypto asset, including blockchain-specific tokens. To learn more, contact us at 1-800-237-4200 or submit a case online.
